Amendments to the Claims 

1. (currently amended) A method for operating a public-key encryption scheme which provides for sending a digital message M between a sender and a recipient with participation of an authorizer [[as specified by operations (a) through (f) defined below]], wherein the digital message is encrypted by the sender and decrypted by the recipient, the method comprising encrypting, by at least one machine in a set of one or more machines, the digital message M using at least a recipient public key and a recipient encryption key to create an encrypted digital message for decryption with a recipient private key and a recipient decryption key, wherein:

[[one or more of operations (R), (Au), (S), wherein:
the operation (R) comprises the operations (a), (f);
the operation (Au) comprises the operations (c), (d);
the operation (S) comprises the operation (e);
wherein the operations (a) through (f) are as follows:]]

[[(a) generating]] the recipient public key and the recipient private key form a [[recipient]] public key/ [[recipient]] private key pair, wherein the recipient private key is a secret of the recipient;

[[(b) generating a recipient encryption key;]]

[[(c) selecting a key generation secret that is a secret of the authorizer;]]

[[(d) generating a]] the recipient decryption key is generated using at least [[the]] a key generation secret of the authorizer and the recipient encryption key, wherein a key formed from the recipient [[decryption]] encryption key and a key formed from the recipient [[encryption]] decryption key are a public key/ private key pair. [[;]]

[[(e) encrypting the digital message using at least the recipient public key and the recipient encryption key to create an encrypted digital message; and]]

[[(f) decrypting the encrypted digital message using at least the recipient private key and the recipient decryption key.]]

2. (Original) The method of claim 1, wherein the recipient encryption key is generated from information comprising the identity of the recipient.

3. (Original) The method of claim 1, wherein the recipient encryption key is generated from information comprising a parameter defining a validity period for the recipient decryption key.

4. (Original) The method of claim 1, wherein the recipient encryption key is generated from information comprising the recipient public key.

5. (Original) The method of claim 1, wherein the recipient encryption key is generated from information comprising the identity of the recipient, the recipient public key, and a parameter defining a validity period for the recipient decryption key.

6. (Original) The method of claim 1, wherein the recipient decryption key is generated by the authorizer according to a schedule known to the sender.

7. (Original) The method of claim 6, wherein the recipient encryption key is generated using at least information comprising the schedule.

8. (currently amended) The method of claim 1, wherein the recipient private key [[/]] and the recipient public key [[pair is]] are generated using at least one system parameter issued by the authorizer.

9. (currently amended) The method of claim 1, wherein [[generating the recipient decryption key comprises]] the recipient decryption key is generated by the authorizer to have a value S = s_c P_B, wherein:

s_c is the key generation secret of the authorizer; and

P_B is the recipient encryption key and is equal to H1(Inf_B), wherein Inf_B is an element of [[generating]] a first cyclic group G1 of elements, wherein P_B is an element of [[and]] a second cyclic group G2 of elements, and H1 is a predefined function ("first function H1") wherein the first and second cyclic groups G1 and G2 and the function H1 are system parameters made available to the sender, and also available to the sender are system parameters comprising:

[[selecting a function e capable of generating an element of the second cyclic group G2 from two elements of the first cyclic group G1;]]

[[selecting]] a generator P of the first cyclic group G1;

[[selecting a random key generation secret s_c associated with and known to authorizer;]]

[[generating]] a key generation parameter Q = s_c P;

[[selecting a first function H1 capable of generating an element of the first cyclic group]]

[[selecting]] a second function H2 capable of generating a second string of binary digits from an element of the second cyclic group G2. [[;]]

[[generating a secret element S = s_c P_B associated with the recipient, wherein the secret element is the recipient decryption key.]]

10. (Original) The method of claim 9, wherein Inf_B comprises the identity of the recipient, ID_rec, the recipient public key, and a parameter defining a validity period for the recipient decryption key.

11. (Original) The method of claim 9, wherein both the first group G1 and the second group G2 are of the same prime order q.

12. (Original) The method of claim 9 wherein the first cyclic group G1 is an additive group of points on a supersingular elliptic curve or abelian variety, and the second cyclic group G2 is a multiplicative subgroup of a finite field.

13. (currently amended) The method of claim 9 wherein the system parameters available to the sender further comprise [[the]] a function e which is a bilinear, non-degenerate, and efficiently computable pairing which maps G1 × G1 into G2.

14. (currently amended) The method of claim [[9]] 11, wherein:

s_c is an element of the cyclic group Z/qZ [[;]].

[[Q is an element of the second cyclic group]]

[[element P_B is an element of the first cyclic group G1; and]]

[[the secret element S is an element of the first cyclic group G1.]]
15. (currently amended) The method of claim 9, wherein encrypting the digital message M comprises:

generating [[the]] an element P'_B = H1'(ID_rec), wherein ID_rec comprises the identity of the recipient and wherein H1' is a function capable of generating an element of the first cyclic group G1 from a string of binary digits;

selecting a random key generation secret r; and

encrypting the digital message M to form a ciphertext C, wherein C is set to be: C = [rP, M ⊕ H2(g^r)], where g = e(Q, P_B) e(PK_B, P'_B) ∈ G2, where PK_B is the recipient public key and wherein e is a bilinear non-degenerate pairing which maps G1 × G1 into G2.
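As an added derivation that is not part of the claims, the following shows why the recipient of claim 15 can decrypt with its private key together with the recipient decryption key S of claim 9. Beyond what the claims state, it assumes that the recipient public key is PK_B = s_B P for the recipient private key s_B ∈ Z/qZ (consistent with claim 8), and writes the ciphertext as C = [U, V].

$$U = rP,\qquad V = M \oplus H_2(g^r),\qquad g = e(Q, P_B)\, e(PK_B, P'_B) \in G_2 .$$

Bilinearity of $e$, together with $Q = s_c P$, $S = s_c P_B$ and $PK_B = s_B P$, gives

$$e(Q, P_B)^r = e(s_c P, P_B)^r = e(P, P_B)^{r s_c} = e(rP, s_c P_B) = e(U, S),$$

$$e(PK_B, P'_B)^r = e(s_B P, P'_B)^r = e(P, P'_B)^{r s_B} = e(rP, s_B P'_B) = e(U, s_B P'_B).$$

Multiplying the two factors and using bilinearity in the second argument,

$$g^r = e(U, S)\, e(U, s_B P'_B) = e(U, S + s_B P'_B),$$

so the recipient recovers the message as

$$M = V \oplus H_2\big(e(U, S + s_B P'_B)\big).$$

The point S + s_B P'_B can only be formed by a party holding both the authorizer's S and the recipient's s_B, so neither the authorizer nor anyone who obtains S alone can decrypt; and because the validity period of claim 3 enters P_B through Inf_B, a recipient for whom the authorizer does not issue a fresh S for a new period cannot decrypt messages formed with the new P_B, with no change to PK_B.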



16. (Original) The method of claim 1, wherein the recipient encryption key is generated from a document and the recipient decryption key is the authorizer's signature on the document.

17. (currently amended) The method of claim [[9]] 11, wherein encrypting the digital message M comprises:

generating [[the]] an element P'_B = H1'(ID_rec) wherein H1' is a function capable of generating an element of the first cyclic group G1 from a string of binary digits;

choosing a random parameter σ ∈ {0,1}^n;

setting a random key generation secret r = H3(σ, M); and

encrypting the digital message M to form a ciphertext C, wherein C is set to be: C = [rP, M ⊕ H2(g^r), E_{H4(σ)}(M)], where g = e(Q, P_B) e(PK_B, P'_B) ∈ G2, wherein PK_B is the recipient public key, wherein H3 is a function capable of generating an integer of the cyclic group Z/qZ from two strings of binary digits, H4 is a function capable of generating one binary string from another binary string, E is a symmetric encryption scheme, e is a bilinear non-degenerate pairing which maps G1 × G1 into G2, and H4(σ) is the key used with E.

18. (currently amended) A method for operating a public-key encryption scheme which provides for sending a digital message between a sender and a recipient with participation of a plurality of authorizers [[as specified by operations (a) through (g) defined below]], the plurality of authorizers including a root authorizer and n lower-level authorizers in a hierarchy between the root authorizer and the recipient, wherein n > 1, the method comprising encrypting, by at least one machine in a set of one or more machines, the digital message using a recipient public key and a recipient encryption key to create an encrypted digital message for decryption with a recipient private key and a recipient decryption key, wherein:

a key formed from the recipient encryption key and a key formed from the recipient decryption key are a public key/ private key pair;

[[one or more of operations (R), (RAu), (Au), (S), wherein:
the operation (R) comprises the operations (a), (g);
the operation (RAu) comprises the operations (c), (d);
the operation (Au) comprises the operation (e);
the operation (S) comprises the operation (f);
wherein the operations (a) through (g) are as follows:]]

[[(a) generating a]] the recipient public key [[/]] and the recipient private key form a public key/ private key pair for the recipient, wherein the recipient private key is a secret of the recipient;

[[(b) generating a]] the recipient encryption key is generated using identity information of at least one of the recipient's ancestors;

[[(c) selecting a root key generation secret that is a secret of the root authorizer;]]

[[(d) generating a root key generation parameter based on the root key generation]]

[[(e) generating a]] the recipient decryption key is generated such that the recipient decryption key is related to the recipient encryption key, [[the]] a root key generation secret and [[the]] an associated root key generation parameter, wherein the root key generation parameter is generated based on the root key generation secret, and the root key generation secret is a secret of the root authorizer. [[;]]

[[(f) encrypting the digital message using the recipient public key and a recipient encryption key to create an encrypted digital message, wherein a key formed from the recipient decryption key and a key formed from the recipient encryption key are a public key/ private key pair; and]]

[[(g) decrypting the encrypted digital message to recover the digital message using at least the recipient private key and the recipient decryption key.]]

19. (Original) The method of claim 18, wherein the recipient encryption key is generated from information comprising the identity of the recipient.

20. (Original) The method of claim 18, wherein the recipient encryption key is generated from information comprising a parameter defining a validity period for the recipient decryption key.

21. (Original) The method of claim 18, wherein the recipient encryption key is generated from information comprising the recipient public key.

22. (Original) The method of claim 18, wherein the recipient encryption key is generated from information comprising the identity of the recipient, the recipient public key, and a parameter defining a validity period for the recipient decryption key.

23. (Original) The method of claim 18, wherein the recipient decryption key is generated according to a schedule known to the sender.

24. (currently amended) The method of claim 18, wherein the recipient private key [[/]] and the recipient public key [[pair is]] are generated using system parameters issued by one or more of the authorizers.

25. (Original) The method of claim 18, wherein the recipient decryption key is related to the root key generation secret and the associated root key generation parameter.

26. (currently amended) The method of claim 18, wherein the plurality of authorizers further includes at least m lower-level authorizers in the hierarchy between the root authorizer and the sender, wherein m > 1, and wherein l of the m authorizers in the hierarchy are common ancestors to both the sender and the recipient, wherein authorizer_l is the lowest common ancestor authorizer between the sender and the recipient, and wherein l

[[selecting]] a lower-level key generation secret is selected for each of the m lower-level authorizers in the hierarchy between the root authorizer and the sender; and

[[generating]] a sender decryption key is generated such that the sender decryption key is related to at least the root key generation secret and one or more of the m lower-level key generation secrets associated with the m lower-level authorizers in the hierarchy between the root authorizer and the sender;

wherein the message is encrypted using at least the sender decryption key and one or more of the lower-level key generation parameters associated with the (m - l + 1) authorizers between the root authorizer and the sender that are at or below the level of the lowest common ancestor authorizer_l, but not using any of the lower-level key generation parameters that are associated with the (l - 1) authorizers above the lowest common ancestor authorizer_l; and

wherein the encrypted digital message is [[decrypted]] decryptable using at least the recipient decryption key and one or more of the lower-level key generation parameters associated with the (n - l + 1) authorizers between the root authorizer and the sender that are at or below the level of the lowest common ancestor authorizer_l, but not using any of the lower-level key generation parameters that are associated with the (l - 1) authorizers [[that]] above the lowest common ancestor authorizer_l.

27-116. (cancelled) 

117. (currently amended) The method of claim 1 wherein the method further comprises [[the operation (R) performed by]] the recipient performing, by at least one machine in the set of the one or more machines, operations of:

generating the recipient public key and the recipient private key;

decrypting the encrypted digital message using at least the recipient private key and the recipient decryption key.

118. (currently amended) The method of claim 1 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating the recipient decryption key and sending the recipient decryption key to the recipient.

119. (canceled) 

120. (currently amended) The method of claim [[1]] 118 wherein the method further comprises [[the operation (R) performed by the recipient and the operation (Au) performed by the authorizer]] performing, by at least one machine in the set of the one or more machines, operations of:

generating the recipient public key and the recipient private key;

decrypting the encrypted digital message using at least the recipient private key and the recipient decryption key.

121-123. (canceled) 

124. (currently amended) The method of claim 1 [[wherein the operation (b) is performed]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key by the authorizer and/or the recipient and/or the sender.

125. (currently amended) The method of claim 2 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

126. (currently amended) The method of claim 3 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[136]] 127. (currently amended) The method of claim 4 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[137]] 128. (currently amended) The method of claim 5 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[138]] 129. (currently amended) The method of claim 6 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.

[[139]] 130. (currently amended) The method of claim 7 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.
[[140]] 131. (currently amended) The method of claim 9 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.

[[141]] 132. (currently amended) The method of claim 10 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.

[[142]] 133. (currently amended) The method of claim 11 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.

[[143]] 134. (currently amended) The method of claim 12 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.
[[144]] 135. (currently amended) The method of claim 13 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.

[[145]] 136. (currently amended) The method of claim 14 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.

[[146]] 137. (previously presented) The method of claim 15 wherein the method comprises the operation (S) performed by the sender.

[[147]] 138. (currently amended) The method of claim 16 wherein the method further comprises [[the operation (Au) performed by]] the authorizer selecting, by at least one machine in the set of the one or more machines, said key generation secret and generating, by at least one machine in the set of the one or more machines, the recipient decryption key and sending, by at least one machine in the set of the one or more machines, the recipient decryption key to the recipient.

[[148]] 139. (currently amended) The method of claim 16 wherein the method further comprises [[the operation (R) performed by]] the recipient performing, by at least one machine in the set of the one or more machines, operations of:

generating the recipient public key and the recipient private key;

decrypting the encrypted digital message using at least the recipient private key and the recipient decryption key.



[[149]] 140. (canceled)

[[150]] 141. (currently amended) The method of claim 18 wherein the method further comprises [[the operation (R) performed by]] the recipient performing, by at least one machine in the set of the one or more machines, operations of:

generating the recipient public key and the recipient private key; and

decrypting the encrypted digital message to recover the digital message using at least the recipient private key and the recipient decryption key.

[[151]] 142. (currently amended) The method of claim 18 wherein the method further comprises [[the operation (RAu) performed by]] the root authorizer performing, by at least one machine in the set of the one or more machines, operations of:

selecting the root key generation secret that is a secret of the root authorizer; and

generating the root key generation parameter based on the root key generation secret.

[[152]] 143. (currently amended) The method of claim 18 wherein the method further comprises [[the operation (Au) performed]] generating, by at least one machine in the set of the one or more machines, the recipient decryption key by one of the authorizers.

[[153]] 144. (canceled)

[[154]] 145. (currently amended) The method of claim [[18]] 142 [[wherein the method comprises the operation (R) performed by the recipient and the operation (Au) performed by one of the authorizers]] further comprising the recipient performing, by at least one machine in the set of the one or more machines, operations of:

generating the recipient public key and the recipient private key; and

decrypting the encrypted digital message to recover the digital message using at least the recipient private key and the recipient decryption key.

[[155]] 146. (canceled)

[[156]] 147. (canceled)

[[157]] 148. (canceled)

[[158]] 149. (currently amended) The method of claim 18 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[159]] 150. (currently amended) The method of claim 19 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[160]] 151. (currently amended) The method of claim 20 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[161]] 152. (currently amended) The method of claim 21 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[162]] 153. (currently amended) The method of claim 22 [[wherein the method comprises the operation (b)]] further comprising generating, by at least one machine in the set of the one or more machines, the recipient encryption key.

[[163]] 154. (currently amended) The method of claim 23 wherein the method further comprises [[the operation (Au) performed]] generating, by at least one machine in the set of the one or more machines, the recipient decryption key by one of the authorizers.

[[164]] 155. (currently amended) The method of claim 25 wherein the method further comprises [[the operation (Au) performed]] generating, by at least one machine in the set of the one or more machines, the recipient decryption key by one of the authorizers.

156. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 1.

157. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 5.

158. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 9.

159. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 10.

160. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 11.

161. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 13.

162. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 15.

163. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 16.

164. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 17.

165. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 18.

166. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 20.

167. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 22.

168. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 23.

169. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 26.

170. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 117.

171. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 118.

172. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 119.

173. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 123.

174. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 127.

175. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 130.

176. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 136.

177. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 140.

178. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 141.

179. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 142.

180. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 143.

181. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 147.

182. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 150.

183. (currently amended) A computer-readable manufacture comprising a computer-readable computer program operable to cause a computer to perform the method of claim 152.

1 84. (new) A method for operating a public-key encryption scheme which 
provides for sending a digital message M between a sender and a recipient with participation 
of an authorizer, wherein the digital message M is encrypted by the sender using at least a 
recipient public key and a recipient encryption key to create an encrypted digital message 
and is decrypted by the recipient, the method comprising decrypting, by at least one machine 
in a set of one or more machines, the encrypted digital message using at least a recipient 
private key and a recipient decryption key, wherein: 
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the recipient public key and the recipient private key form a public key/ private key 
pair, wherein the recipient private key is a secret of the recipient; 

the recipient decryption key is generated using at least a key generation secret of the 
authorizer and the recipient encryption key, wherein a key formed from the recipient 
encryption key and a key formed from the recipient decryption key are a public key/ private 
key pair. 

1 85. (new) The method of claim 1 84, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient. 

1 86. (new) The method of claim 1 84, wherein the recipient encryption key is 
generated from information comprising a parameter defining a validity period for the 
recipient decryption key. 

1 87. (new) The method of claim 1 84, wherein the recipient encryption key is 
generated from information comprising the recipient public key. 

188. (new) The method of claim 1 84, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient, the recipient public key, 
and a parameter defining a validity period for the recipient decryption key 

1 89. (new) The method of claim 1 84, wherein the recipient decryption key is 
generated by the authorizer according to a schedule known to the sender. 

190. (new) The method of claim 189, wherein the recipient encryption key is 
generated using at least information comprising the schedule. 

191. (new) The method of claim 184, wherein the recipient private key and the 
recipient public key are generated using at least one system parameter issued by the 
authorizer. 

192. (new) The method of claim 184, wherein the recipient decryption key is 
generated by the authorizer to have a value S = s_c P_B, wherein: 

s_c is the key generation secret of the authorizer; and 

P_B is the recipient encryption key and is equal to H_1(Inf_B), wherein Inf_B is an element 
of a first cyclic group G_1 of elements, wherein P_B is an element of a second cyclic group G_2 
of elements, and H_1 is a predefined function ("first function H_1"), wherein the first and 
second cyclic groups G_1 and G_2 and the function H_1 are system parameters made available to 
the sender, and also available to the sender are system parameters comprising: 

a generator P of the first cyclic group G_1; 

a key generation parameter Q = s_c P; 

a second function H_2 capable of generating a second string of binary digits from an 
element of the second cyclic group G_2. 

193. (new) The method of claim 192, wherein Inf_B comprises the identity of the 
recipient, ID_rec, the recipient public key, and a parameter defining a validity period for the 
recipient decryption key. 

194. (new) The method of claim 192, wherein both the first group G_1 and the 
second group G_2 are of the same prime order q. 

195. (new) The method of claim 192 wherein the first cyclic group G_1 is an 
additive group of points on a supersingular elliptic curve or abelian variety, and the second 
cyclic group G_2 is a multiplicative subgroup of a finite field. 

196. (new) The method of claim 192 wherein the system parameters available to 
the sender further comprise a function e which is a bilinear, non-degenerate, and efficiently 
computable pairing which maps G_1 × G_1 into G_2. 

197. (new) The method of claim 194 wherein: 
s_c is an element of the cyclic group Z/qZ. 

198. (new) The method of claim 192, wherein encrypting the digital message M 
comprises: 

generating an element P'_B = H_1'(ID_rec), wherein ID_rec comprises the identity of the 
recipient and wherein H_1' is a function capable of generating an element of the first cyclic 
group G_1 from a string of binary digits; 
selecting a random key generation secret r; and 

encrypting the digital message M to form a ciphertext C, wherein C is set to be: 
C = [rP, M ⊕ H_2(g^r)], where g = e(Q, P_B) e(PK_B, P'_B) ∈ G_2, where PK_B is the 
recipient public key and wherein e is a bilinear non-degenerate pairing which maps G_1 × G_1 
into G_2. 
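The following Python model is an added illustration of the algebra in claims 192 and 198; it is not the applicant's code and nothing in it is taken from the application beyond the formulas S = s_c P_B, Q = s_c P and C = [rP, M ⊕ H_2(g^r)] with g = e(Q, P_B) e(PK_B, P'_B). Everything else is an assumption made for the demonstration: the groups G_1 and G_2, the pairing, the hash functions H_1, H_1' and H_2, the form PK_B = xP of the recipient key pair, and the decryption rule, which is derived from bilinearity rather than quoted from the claims. The bilinear setting is deliberately a toy: G_1 is the integers mod q written additively and e(aP, bP) = h^(ab) in an order-q subgroup of (Z/pZ)*, which is bilinear and non-degenerate but offers no security because discrete logarithms in that G_1 are trivial.

```python
"""Toy model of the pairing-based scheme of claims 192 and 198 (added example, not the
applicant's code). The bilinear setting below is CONSTRUCTED and insecure: it only
exhibits the algebra, in particular that decryption needs both the authorizer-issued
key S and the recipient's own private key x."""
import hashlib
import secrets

Q = 1019          # prime order q of G_1 and G_2 (constructed toy parameter)
P_MOD = 2039      # prime p = 2q + 1, so (Z/pZ)* contains a subgroup of order q
H = 4             # generator h of that order-q subgroup (4 = 2^2 is a square mod p)
P = 1             # generator of G_1; in this additive toy model "rP" is just r mod q


def pairing(a, b):
    """e: G_1 x G_1 -> G_2 with e(aP, bP) = h^(ab) mod p. Bilinear by construction."""
    return pow(H, (a * b) % Q, P_MOD)


def hash_to_g1(label, data):
    """H_1 / H_1': map a byte string to a non-zero element of G_1 (domain-separated)."""
    digest = hashlib.sha256(label + b"|" + data).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def h2_pad(g2_element, length):
    """H_2: derive a pad of the message length from an element of G_2."""
    return hashlib.shake_256(b"H2|" + str(g2_element).encode()).digest(length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def authorizer_setup():
    """Authorizer picks the key generation secret s_c and publishes Q = s_c P (claim 192)."""
    s_c = secrets.randbelow(Q - 1) + 1
    return s_c, (s_c * P) % Q


def authorizer_issue(s_c, p_b):
    """Recipient decryption key S = s_c P_B (claim 192)."""
    return (s_c * p_b) % Q


def recipient_keygen():
    """Recipient's ordinary key pair (x, PK_B = xP); the form xP is an assumption."""
    x = secrets.randbelow(Q - 1) + 1
    return x, (x * P) % Q


def encryption_key(id_rec, pk_b, validity):
    """P_B = H_1(Inf_B), Inf_B = identity || public key || validity period (claim 193)."""
    inf_b = id_rec + b"|" + str(pk_b).encode() + b"|" + validity
    return hash_to_g1(b"H1", inf_b)


def encrypt(msg, q_param, p_b, pk_b, id_rec):
    """Claim 198: C = [rP, M xor H_2(g^r)] with g = e(Q, P_B) e(PK_B, P'_B)."""
    p_prime_b = hash_to_g1(b"H1prime", id_rec)
    r = secrets.randbelow(Q - 1) + 1
    g = (pairing(q_param, p_b) * pairing(pk_b, p_prime_b)) % P_MOD
    return (r * P) % Q, xor(msg, h2_pad(pow(g, r, P_MOD), len(msg)))


def decrypt(cipher, s_key, x, id_rec):
    """Recover M from S (authorizer-issued) and x (recipient's secret).

    By bilinearity e(rP, S) e(rP, x P'_B) = e(Q, P_B)^r e(PK_B, P'_B)^r = g^r, which is
    exactly the value the sender hashed. This rule is derived here, not quoted from the claims.
    """
    u, v = cipher
    p_prime_b = hash_to_g1(b"H1prime", id_rec)
    g_r = (pairing(u, s_key) * pairing(u, (x * p_prime_b) % Q)) % P_MOD
    return xor(v, h2_pad(g_r, len(v)))


def demo():
    """Round trip, then the two failure modes that show the dual-control property."""
    s_c, q_param = authorizer_setup()
    x, pk_b = recipient_keygen()
    id_rec, validity = b"bob@example.test", b"2024-01"      # constructed sample values
    p_b = encryption_key(id_rec, pk_b, validity)
    s_key = authorizer_issue(s_c, p_b)
    msg = b"meeting moved to 10:00"                         # constructed sample message
    cipher = encrypt(msg, q_param, p_b, pk_b, id_rec)
    ok = decrypt(cipher, s_key, x, id_rec) == msg
    # a wrong or withheld S (recipient without the authorizer) and a wrong x
    # (authorizer without the recipient) both yield garbage instead of M
    without_s = decrypt(cipher, (s_key + 1) % Q or 1, x, id_rec) == msg
    without_x = decrypt(cipher, s_key, (x + 1) % Q or 1, id_rec) == msg
    return ok, without_s, without_x


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The point the model makes explicit is the split of control: the authorizer holds s_c and can withhold or time-limit S (the validity period folded into Inf_B), yet cannot read traffic without the recipient's x, and the recipient cannot read traffic without an S issued for the current Inf_B. A real deployment would replace the toy groups with a supersingular curve and a proper pairing, as claims 195 and 196 describe.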

199. (new) The method of claim 184, wherein the recipient encryption key is 
generated from a document and the recipient decryption key is the authorizer's signature on 
the document. 

200. (new) The method of claim 194, wherein encrypting the digital message M 
comprises: 

generating an element P'_B = H_1'(ID_rec) wherein H_1' is a function capable of 
generating an element of the first cyclic group G_1 from a string of binary digits; 
choosing a random parameter σ ∈ {0,1}^n; 
setting a random key generation secret r = H_3(σ, M); and 

encrypting the digital message M to form a ciphertext C, wherein C is set to be: 
C = [rP, M ⊕ H_2(g^r), E_{H_4(σ)}(M)], where g = e(Q, P_B) e(PK_B, P'_B) ∈ G_2, wherein 
PK_B is the recipient public key, wherein H_3 is a function capable of generating an integer of 
the cyclic group Z/qZ from two strings of binary digits, H_4 is a function capable of 
generating one binary string from another binary string, E is a symmetric encryption 
scheme, e is a bilinear non-degenerate pairing which maps G_1 × G_1 into G_2, and H_4(σ) is the 
key used with E. 

201. (new) The method of claim 184 further comprising the authorizer selecting, 
by at least one machine in the set of the one or more machines, said key generation secret 
and generating, by at least one machine in the set of the one or more machines, the recipient 
decryption key and sending, by at least one machine in the set of the one or more machines, 
the recipient decryption key to the recipient. 
202. (new) A computer-readable manufacture comprising a computer-readable 
computer program operable to cause a computer to perform the method of claim 184. 

203. (new) A method for operating a public-key encryption scheme which 
provides for sending a digital message M between a sender and a recipient with participation 
of an authorizer, wherein the digital message is encrypted by the sender using at least a 
recipient public key and a recipient encryption key, wherein the recipient public key and a 
recipient private key form a recipient public key/ recipient private key pair, wherein the 
recipient private key is a secret of the recipient, and the digital message is decrypted by the 
recipient using at least the recipient private key and a recipient decryption key, the method 
comprising the authorizer performing, by at least one machine in a set of one or more 
machines, operations of: 

selecting a key generation secret that is a secret of the authorizer; 

generating a recipient decryption key using at least the key generation secret of the 
authorizer and the recipient encryption key, wherein a key formed from the recipient 
encryption key and a key formed from the recipient decryption key are a public key/ private 
key pair; 

sending the recipient decryption key to the recipient. 

204. (new) The method of claim 203, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient. 

205. (new) The method of claim 203, wherein the recipient encryption key is 
generated from information comprising a parameter defining a validity period for the 
recipient decryption key. 

206. (new) The method of claim 203, wherein the recipient encryption key is 
generated from information comprising the recipient public key. 

207. (new) The method of claim 203, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient, the recipient public key, 
and a parameter defining a validity period for the recipient decryption key. 
208. (new) The method of claim 203, wherein the recipient decryption key is 
generated by the authorizer according to a schedule known to the sender. 

209. (new) The method of claim 208, wherein the recipient encryption key is 
generated using at least information comprising the schedule. 

210. (new) The method of claim 203, wherein the recipient decryption key is 
generated by the authorizer to have a value S = s_c P_B, wherein: 

s_c is the key generation secret of the authorizer; and 

P_B is the recipient encryption key and is equal to H_1(Inf_B), wherein Inf_B is an element 
of a first cyclic group G_1 of elements, wherein P_B is an element of a second cyclic group G_2 
of elements, and H_1 is a predefined function ("first function H_1"), wherein the first and 
second cyclic groups G_1 and G_2 and the function H_1 are system parameters made available to 
the sender, and also available to the sender are system parameters comprising: 

a generator P of the first cyclic group G_1; 

a key generation parameter Q = s_c P; 

a second function H_2 capable of generating a second string of binary digits from an 
element of the second cyclic group G_2. 

211. (Original) The method of claim 210, wherein Inf_B comprises the identity of 
the recipient, ID_rec, the recipient public key, and a parameter defining a validity period for 
the recipient decryption key. 

212. (new) The method of claim 210, wherein both the first group G_1 and the 
second group G_2 are of the same prime order q. 

213. (new) The method of claim 210 wherein the first cyclic group G_1 is an 
additive group of points on a supersingular elliptic curve or abelian variety, and the second 
cyclic group G_2 is a multiplicative subgroup of a finite field. 

214. (new) The method of claim 210 wherein the system parameters available to 
the sender further comprise a function e which is a bilinear, non-degenerate, and efficiently 
computable pairing which maps G_1 × G_1 into G_2. 
215. (new) The method of claim 212 wherein: 
s_c is an element of the cyclic group Z/qZ. 

216. (new) The method of claim 203, wherein the recipient encryption key is 
generated from a document and the recipient decryption key is the authorizer's signature on 
the document. 

217. (new) A computer-readable manufacture comprising a computer-readable 
computer program operable to cause a computer to perform the method of claim 203. 

218. (new) A method for operating a public-key encryption scheme which 
provides for sending a digital message between a sender and a recipient with participation of 
a plurality of authorizers, the plurality of authorizers including a root authorizer and n lower- 
level authorizers in a hierarchy between the root authorizer and the recipient, wherein n > 1, 
wherein the digital message is encrypted by the sender using a recipient public key and a 
recipient encryption key to create an encrypted digital message for decryption by the 
recipient using a recipient private key and a recipient decryption key, 

the method comprising performing, by at least one machine in a set of one or more 
machines, operations of: 

generating the recipient public key and the recipient private key which are a public 
key/private key pair, wherein the recipient private key is a secret of the recipient; 

obtaining an encrypted digital message formed by encryption of the digital message 
with the recipient public key and the recipient encryption key, wherein a key formed from 
the recipient encryption key and a key formed from the recipient decryption key are a public 
key/ private key pair; and 

decrypting the encrypted digital message to recover the digital message using at least 
the recipient private key and the recipient decryption key; 

wherein the recipient encryption key is generated using identity information of at 
least one of the recipient's ancestors; 
wherein the recipient decryption key is generated such that the recipient decryption 
key is related to the recipient encryption key, a root key generation secret and an associated 
root key generation parameter, wherein the root key generation parameter is generated based 
on the root key generation secret, and the root key generation secret is a secret of the root 
authorizer. 

219. (new) The method of claim 218, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient. 

220. (new) The method of claim 218, wherein the recipient encryption key is 
generated from information comprising a parameter defining a validity period for the 
recipient decryption key. 

221. (new) The method of claim 218, wherein the recipient encryption key is 
generated from information comprising the recipient public key. 

222. (new) The method of claim 218, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient, the recipient public key, 
and a parameter defining a validity period for the recipient decryption key. 

223. (new) The method of claim 218, wherein the recipient decryption key is 
generated according to a schedule known to the sender. 

224. (new) The method of claim 218, wherein the recipient private key and the 
recipient public key are generated using system parameters issued by one or more of the 
authorizers. 

225. (new) The method of claim 218, wherein the recipient decryption key is 
related to the root key generation secret and the associated root key generation parameter. 

226. (new) The method of claim 218, wherein the plurality of authorizers further 
includes at least m lower-level authorizers in the hierarchy between the root authorizer and 
the sender, wherein m > 1, and wherein l of the m authorizers in the hierarchy are common 
ancestors to both the sender and the recipient, wherein authorizer l is the lowest common 
ancestor authorizer between the sender and the recipient, and wherein l > 1, and wherein: 

a lower-level key generation secret is selected for each of the m lower-level 
authorizers in the hierarchy between the root authorizer and the sender; and 

a sender decryption key is generated such that the sender decryption key is related to 
at least the root key generation secret and one or more of the m lower-level key generation 
secrets associated with the m lower-level authorizers in the hierarchy between the root 
authorizer and the sender; 

wherein the message is encrypted using at least the sender decryption key and one or 
more of the lower-level key generation parameters associated with the (m - l + 1) authorizers 
between the root authorizer and the sender that are at or below the level of the lowest 
common ancestor authorizer l, but not using any of the lower-level key generation parameters 
that are associated with the (l - 1) authorizers above the lowest common ancestor authorizer l; 
and 

wherein the encrypted digital message is decryptable using at least the recipient 
decryption key and one or more of the lower-level key generation parameters associated 
with the (n - l + 1) authorizers between the root authorizer and the sender that are at or 
below the level of the lowest common ancestor authorizer l, but not using any of the lower- 
level key generation parameters that are associated with the (l - 1) authorizers above the 
lowest common ancestor authorizer l. 

227. (new) The method of claim 218 further comprising generating, by at least one 
machine in the set of the one or more machines, the recipient decryption key by one of the 
authorizers. 

228. (new) A computer-readable manufacture comprising a computer-readable 
computer program operable to cause a computer to perform the method of claim 218. 



229. (new) A method for operating a public-key encryption scheme which 
provides for sending a digital message between a sender and a recipient with participation of 
a plurality of authorizers, the plurality of authorizers including a root authorizer and n lower- 
level authorizers in a hierarchy between the root authorizer and the recipient, wherein n > 1, 
wherein the digital message is encrypted by the sender using a recipient public key and a 
recipient encryption key to create an encrypted digital message for decryption by the 
recipient using a recipient private key and a recipient decryption key, 

the method comprising generating, by at least one machine in a set of one or more 
machines, the recipient decryption key such that the recipient decryption key is related to the 
recipient encryption key, a root key generation secret and an associated root key generation 
parameter, wherein the root key generation parameter is generated based on the root key 
generation secret, and the root key generation secret is a secret of the root authorizer; 

wherein the recipient encryption key is generated using identity information of at 
least one of the recipient's ancestors; 

wherein a key formed from the recipient encryption key and a key formed from the 
recipient decryption key are a public key/ private key pair; 

wherein the recipient public key and the recipient private key are a public key/private 
key pair, wherein the recipient private key is a secret of the recipient. 

230. (new) The method of claim 229, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient. 

231. (new) The method of claim 229, wherein the recipient encryption key is 
generated from information comprising a parameter defining a validity period for the 
recipient decryption key. 

232. (new) The method of claim 229, wherein the recipient encryption key is 
generated from information comprising the recipient public key. 

233. (new) The method of claim 229, wherein the recipient encryption key is 
generated from information comprising the identity of the recipient, the recipient public key, 
and a parameter defining a validity period for the recipient decryption key. 

234. (new) The method of claim 229, wherein the recipient decryption key is 
generated according to a schedule known to the sender. 
235. (new) The method of claim 229, wherein the recipient private key and the 
recipient public key are generated using system parameters issued by one or more of the 
authorizers. 

236. (new) The method of claim 229, wherein the recipient decryption key is 
related to the root key generation secret and the associated root key generation parameter. 

237. (new) The method of claim 229, wherein the plurality of authorizers further 
includes at least m lower-level authorizers in the hierarchy between the root authorizer and 
the sender, wherein m > 1, and wherein l of the m authorizers in the hierarchy are common 
ancestors to both the sender and the recipient, wherein authorizer l is the lowest common 
ancestor authorizer between the sender and the recipient, and wherein l > 1, and wherein: 

a lower-level key generation secret is selected for each of the m lower-level 
authorizers in the hierarchy between the root authorizer and the sender; and 

a sender decryption key is generated such that the sender decryption key is related to 
at least the root key generation secret and one or more of the m lower-level key generation 
secrets associated with the m lower-level authorizers in the hierarchy between the root 
authorizer and the sender; 

wherein the message is encrypted using at least the sender decryption key and one or 
more of the lower-level key generation parameters associated with the (m - l + 1) authorizers 
between the root authorizer and the sender that are at or below the level of the lowest 
common ancestor authorizer l, but not using any of the lower-level key generation parameters 
that are associated with the (l - 1) authorizers above the lowest common ancestor authorizer l; 
and 

wherein the encrypted digital message is decryptable using at least the recipient 
decryption key and one or more of the lower-level key generation parameters associated 
with the (n - l + 1) authorizers between the root authorizer and the sender that are at or 
below the level of the lowest common ancestor authorizer l, but not using any of the lower- 
level key generation parameters that are associated with the (l - 1) authorizers above the 
lowest common ancestor authorizer l. 

238. (new) The method of claim 229 further comprising generating, by at least one 
machine in the set of the one or more machines, the recipient decryption key by one of the 
authorizers. 

239. (new) A computer-readable manufacture comprising a computer-readable 
computer program operable to cause a computer to perform the method of claim 229. 